
Tomcat 8 Valve Components: the Remote IP Valve

谯振国
2023-12-01

Introduction

Tomcat port of mod_remoteip, this valve replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via a request header (e.g. "X-Forwarded-For").

Another feature of this valve is to replace the apparent scheme (http/https), server port and request.secure with the scheme presented by a proxy or a load balancer via a request header (e.g. "X-Forwarded-Proto").

This Valve may be used at the Engine, Host or Context level as required. Normally, this Valve would be used at the Engine level.

If used in conjunction with Remote Address/Host valves then this valve should be defined first to ensure that the correct client IP address is presented to the Remote Address/Host valves.

Documentation links: Remote_Address_Valve, Remote_Host_Valve

Note: By default this valve has no effect on the values that are written into the access log. The original values are restored when request processing leaves the valve and that always happens earlier than access logging. To pass the remote address, remote host, server port and protocol values set by this valve to the access log, they are put into request attributes. Publishing these values here is enabled by default, but AccessLogValve should be explicitly configured to use them. See documentation for requestAttributesEnabled attribute of AccessLogValve.

Access_Log_Valve documentation link; see also the previous article, "Tomcat 8 Valve Components: AccessLog access log configuration".

The names of request attributes that are set by this valve and can be used by access logging are the following:

  • org.apache.catalina.AccessLog.RemoteAddr
  • org.apache.catalina.AccessLog.RemoteHost
  • org.apache.catalina.AccessLog.Protocol
  • org.apache.catalina.AccessLog.ServerPort
  • org.apache.tomcat.remoteAddr

Attributes

The Remote IP Valve supports the following configuration attributes:

Attribute / Description
className

Java class name of the implementation to use. This MUST be set to org.apache.catalina.valves.RemoteIpValve.

remoteIpHeader

Name of the HTTP Header read by this valve that holds the list of traversed IP addresses starting from the requesting client. If not specified, the default of x-forwarded-for is used.

internalProxies

Regular expression (using java.util.regex) that a proxy's IP address must match to be considered an internal proxy. Internal proxies that appear in the remoteIpHeader will be trusted and will not appear in the proxiesHeader value. If not specified the default value of 10\.\d{1,3}\.\d{1,3}\.\d{1,3}|192\.168\.\d{1,3}\.\d{1,3}|169\.254\.\d{1,3}\.\d{1,3}|127\.\d{1,3}\.\d{1,3}\.\d{1,3}|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}|0:0:0:0:0:0:0:1 will be used.

proxiesHeader

Name of the HTTP header created by this valve to hold the list of proxies that have been processed in the incoming remoteIpHeader. If not specified, the default of x-forwarded-by is used.

requestAttributesEnabled

Set to true to set the request attributes used by AccessLog implementations to override the values returned by the request for remote address, remote host, server port and protocol. Request attributes are also used to enable the forwarded remote address to be displayed on the status page of the Manager web application. If not set, the default value of true will be used.

trustedProxies

Regular expression (using java.util.regex) that a proxy's IP address must match to be considered a trusted proxy. Trusted proxies that appear in the remoteIpHeader will be trusted and will appear in the proxiesHeader value. If not specified, no proxies will be trusted.

protocolHeader

Name of the HTTP Header read by this valve that holds the protocol used by the client to connect to the proxy. If not specified, the default of X-Forwarded-Proto is used.

hostHeader

Name of the HTTP Header read by this valve that holds the host used by the client to connect to the proxy. If not specified, the default of null is used.

portHeader

Name of the HTTP Header read by this valve that holds the port used by the client to connect to the proxy. If not specified, the default of null is used.

protocolHeaderHttpsValue

Value of the protocolHeader to indicate that it is an HTTPS request. If not specified, the default of https is used.

httpServerPort

Value returned by ServletRequest.getServerPort() when the protocolHeader indicates http protocol and no portHeader is present. If not specified, the default of 80 is used.

httpsServerPort

Value returned by ServletRequest.getServerPort() when the protocolHeader indicates https protocol and no portHeader is present. If not specified, the default of 443 is used.

changeLocalHost

If true, the value returned by ServletRequest.getLocalHost() and ServletRequest.getServerHost() is modified by this valve. If not specified, the default of false is used.

changeLocalPort

If true, the value returned by ServletRequest.getLocalPort() and ServletRequest.getServerPort() is modified by this valve. If not specified, the default of false is used.
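
A server.xml sketch that puts the ordering and access-log notes above together, added here as an example (it is not taken from the Tomcat documentation or from the original post): RemoteIpValve is defined before RemoteAddrValve, and AccessLogValve opts in to the request attributes the valve publishes. All IP addresses, regular expressions, host names and file names are constructed sample values.

```xml
<!-- Added example for conf/server.xml; every address and regex below is a
     constructed sample value, not a recommendation for a specific network. -->
<Engine name="Catalina" defaultHost="localhost">

  <!-- 1. Defined first, so the valves that follow see the client address
       taken from X-Forwarded-For. internalProxies is narrowed from the broad
       private-range default to a single internal hop (10.0.0.5), and only the
       load balancer at 192.0.2.10 is listed as a trusted proxy, so forwarded
       entries from any other address are not treated as proxy hops. -->
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         remoteIpHeader="x-forwarded-for"
         proxiesHeader="x-forwarded-by"
         internalProxies="10\.0\.0\.5"
         trustedProxies="192\.0\.2\.10"
         protocolHeader="X-Forwarded-Proto"
         protocolHeaderHttpsValue="https"
         requestAttributesEnabled="true" />

  <!-- 2. Defined after RemoteIpValve, so the allow list is matched against
       the forwarded client address rather than the proxy's own address. -->
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="198\.51\.100\.\d{1,3}" />

  <Host name="localhost" appBase="webapps">
    <!-- 3. The access log must opt in as well: without
         requestAttributesEnabled="true" here, %h records the proxy address,
         because the original values are restored before logging happens. -->
    <Valve className="org.apache.catalina.valves.AccessLogValve"
           directory="logs" prefix="localhost_access_log" suffix=".txt"
           pattern="%h %l %u %t &quot;%r&quot; %s %b"
           requestAttributesEnabled="true" />
  </Host>
</Engine>
```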
